Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-6418

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2013-6418
Last Modified 16 Jul 2014 02:56:27
Published 05 May 2014 01:06:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-6418

Summary

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

Vulnerable Systems

Application

  • Pywbem Project Pywbem 0.7


References

SUSE - SUSE-SU-2014:0580

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1039801

MLIST - [pywbem-devel] 20131216 TOCTOU issue (time of check, time of use)

CONFIRM - http://sourceforge.net/p/pywbem/code/627/

SECUNIA - 58327

MLIST - [oss-security] 20131220 Re: CVE already assigned for 1026891?


Last Updated: 27 May 2016 11:05:10